- An investigation has uncovered an extensive ‘shadow’ IT system within Europol, known as the Computer Forensic Network (CFN), operating parallel to official databases.
- The system allowed access and analysis of sensitive information such as phone records, financial data, and geolocation information, often without a clear legal basis.
- By 2019, the CFN contained at least two petabytes of data, nearly 420 times more than Europol’s official criminal databases.
- The system operated for years without basic security measures, including access controls and activity logs, making it impossible to track who accessed data.
- Internal reports from 2019 confirmed that 99% of the agency’s operational data was stored in an environment that did not meet basic security standards.
- The European Data Protection Supervisor ordered Europol to delete data on individuals without a confirmed link to criminal activity, but key problems persist.